Jacob Allred

Ever since I was a kid I’ve been deeply interested in the topic of steganography. Basically, steganography is hiding data inside of data. The common application of this is hiding text, images, or other files inside of images or audio files. The application I’ve started using due to its compatibility with the JPEG file format is JPHS. It’s a lightweight app that can hide any file in a JPEG file with minimal evidence that anything is there.

But then what to hide? Well, it has to be small. You can only hide about 5% of the original file size without making it obvious that the file is modified. And it would probably be a good idea to zip the file first so that you remember what the extension is supposed to be. And you’ll want to use a unique passphrase for each file inserted, so that if someone gets one passphrase they can’t just go extract all the files from all your graphics. But you don’t want to forget the passphrase, so it should probably be something related to either the picture, or, better yet, to the data.

But that didn’t really answer the question of what to hide. Well, I hide many things. Short documents that have historic value to me that I want multiple copies of all over the place so they will never be lost. Copyrighted graphics that I want to keep online copies of while still avoiding the copyright infringement problems. Confidential documents that I’m not supposed to have copies of. All kinds of junk. I know that nobody can actually get to it, so there really isn’t any threat in putting it online. Using a passphrase of 20+ characters, and encrypting the passphrase beforehand to eliminate dictionary entries, and stuffing the data into random JPEGs that are entirely unrelated to the data, should make it very very difficult to find. And to make it even harder, I always make sure that once I use a file for hiding data, I destroy the original. It would make it much much easier to rip the data out of the JPEG if you could compare the original with the stuffed file. So if I make sure the original IS the stuffed file, then there is nothing to compare it to.

But anyways.

An even more fun way to send short secret messages is using spammimic. This service will convert your short message into a spam email. So you just have to send your friend some spam and they can decode it (after they fish it out of their spam folder) and get your message. Of course, you’d want to send from a fake/free email address that your friend is aware of so it won’t trace to you. Perhaps you could work out some nigritude ultramarine-type codeword to use in either the sender’s name or email address, so you can use different emails for each message. They also let you make fake PGP encrypted emails. I’d love to see some CIA experts trying to crack the PGP encryption when really it is just base64 encoded. Give it a try sometime. It’s neat.
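
The "fake PGP" point above can be checked mechanically. The following is an added example, not part of the original post and not spammimic's code: it decodes an armored block and tests whether the bytes begin with an OpenPGP packet tag and carry a valid armor checksum. It assumes the fake block uses standard `-----BEGIN PGP MESSAGE-----` armor around base64 of the plain message; both samples are constructed.

```python
import base64
import re

ARMOR = re.compile(r"-----BEGIN PGP [A-Z ]+-----\n(.*?)\n-----END PGP [A-Z ]+-----", re.S)

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Wrap bytes in PGP-style armor (used to build the constructed samples)."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    rows.append("=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode())
    return "-----BEGIN PGP MESSAGE-----\n\n" + "\n".join(rows) + "\n-----END PGP MESSAGE-----\n"

def classify(text: str) -> str:
    """Return 'openpgp', 'plain-base64' or 'invalid' for an armored block."""
    m = ARMOR.search(text.replace("\r\n", "\n"))
    if not m:
        return "invalid"
    rows = [r.strip() for r in m.group(1).split("\n")]
    if "" in rows:                      # armor headers end at the first blank line
        rows = rows[rows.index("") + 1:]
    check = rows.pop()[1:] if rows and rows[-1].startswith("=") else None
    try:
        body = base64.b64decode("".join(rows), validate=True)
        crc_ok = check is not None and \
            int.from_bytes(base64.b64decode(check, validate=True), "big") == crc24(body)
    except ValueError:
        return "invalid"
    # Every OpenPGP packet starts with a tag byte whose top bit is set;
    # ASCII text is all below 0x80, so encoded plain text can never pass.
    first = body[0] if body else 0
    tag = first & 0x3F if first & 0x40 else (first & 0x3C) >> 2
    if first & 0x80 and tag != 0 and crc_ok:
        return "openpgp"
    return "plain-base64"

# Constructed samples: a plain-text "message" and a minimal literal-data packet.
FAKE = armor(b"meet me at the usual place at noon")
REAL = armor(bytes([0xCB, 11]) + b"t\x00" + b"\x00" * 4 + b"hello")
```

A block classified as `plain-base64` decodes directly to its contents, so the armor lines alone say nothing about whether anything was encrypted.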